[10/12] flow_dissector: Parse Geneve in UDP

Message ID	20240731172332.683815-11-tom@herbertland.com (mailing list archive)
State	Changes Requested
Delegated to:	Netdev Maintainers
Headers	show Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB9F61BE258 for <netdev@vger.kernel.org>; Wed, 31 Jul 2024 17:24:05 +0000 (UTC) From: Tom Herbert <tom@herbertland.com> To: davem@davemloft.net, kuba@kernel.org, edumazet@google.com, netdev@vger.kernel.org, felipe@sipanda.io Cc: Tom Herbert <tom@herbertland.com> Subject: [PATCH 10/12] flow_dissector: Parse Geneve in UDP Date: Wed, 31 Jul 2024 10:23:30 -0700 Message-Id: <20240731172332.683815-11-tom@herbertland.com> In-Reply-To: <20240731172332.683815-1-tom@herbertland.com> References: <20240731172332.683815-1-tom@herbertland.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	flow_dissector: Dissect UDP encapsulation protocols \| expand [00/12] flow_dissector: Dissect UDP encapsulation protocols [01/12] skbuff: Unconstantify struct net argument in flowdis functions [02/12] flow_dissector: Parse ETH_P_TEB [03/12] flow_dissector: Move ETH_P_TEB out of GRE [04/12] udp_encaps: Add new UDP_ENCAP constants [05/12] udp_encaps: Set proper UDP_ENCAP types in tunnel setup [06/12] flow_dissector: UDP encap infrastructure [07/12] flow_dissector: Parse vxlan in UDP [08/12] flow_dissector: Parse foo-over-udp (FOU) [09/12] flow_dissector: Parse ESP, L2TP, and SCTP in UDP [10/12] flow_dissector: Parse Geneve in UDP [11/12] flow_dissector: Parse GUE in UDP [12/12] flow_dissector: Parse gtp in UDP

Message ID

20240731172332.683815-11-tom@herbertland.com (mailing list archive)

State

Changes Requested

Delegated to:

Netdev Maintainers

Headers

From: Tom Herbert <tom@herbertland.com>
To: davem@davemloft.net,
	kuba@kernel.org,
	edumazet@google.com,
	netdev@vger.kernel.org,
	felipe@sipanda.io
Cc: Tom Herbert <tom@herbertland.com>
Subject: [PATCH 10/12] flow_dissector: Parse Geneve in UDP
Date: Wed, 31 Jul 2024 10:23:30 -0700
Message-Id: <20240731172332.683815-11-tom@herbertland.com>
In-Reply-To: <20240731172332.683815-1-tom@herbertland.com>
References: <20240731172332.683815-1-tom@herbertland.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

flow_dissector: Dissect UDP encapsulation protocols | expand

Context	Check	Description
netdev/series_format	success	Posting correctly formatted
netdev/tree_selection	success	Guessed tree name to be net-next, async
netdev/ynl	success	Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	fail	Errors and warnings before: 46 this patch: 46
netdev/build_tools	success	No tools touched, skip
netdev/cc_maintainers	warning	1 maintainers not CCed: pabeni@redhat.com
netdev/build_clang	fail	Errors and warnings before: 48 this patch: 48
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/deprecated_api	success	None detected
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	fail	Errors and warnings before: 49 this patch: 49
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 47 lines checked
netdev/build_clang_rust	success	No Rust files in patch. Skipping build
netdev/kdoc	success	Errors and warnings before: 3 this patch: 3
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

netdev/series_format

success

Posting correctly formatted

netdev/tree_selection

success

Guessed tree name to be net-next, async

netdev/ynl

success

Generated files up to date; no warnings/errors; no diff in generated;

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

fail

Errors and warnings before: 46 this patch: 46

netdev/build_tools

success

No tools touched, skip

netdev/cc_maintainers

warning

1 maintainers not CCed: pabeni@redhat.com

netdev/build_clang

fail

Errors and warnings before: 48 this patch: 48

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/deprecated_api

success

None detected

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

fail

Errors and warnings before: 49 this patch: 49

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 47 lines checked

netdev/build_clang_rust

success

No Rust files in patch. Skipping build

netdev/kdoc

success

Errors and warnings before: 3 this patch: 3

netdev/source_inline

success

Was 0 now: 0

Comments

Willem de Bruijn Aug. 3, 2024, 7:13 p.m. UTC | #1

Tom Herbert wrote:
> Parse Geneve in a UDP encapsulation
> 
> Signed-off-by: Tom Herbert <tom@herbertland.com>
> ---
>  net/core/flow_dissector.c | 29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> index 3766dc4d5b23..4fff60233992 100644
> --- a/net/core/flow_dissector.c
> +++ b/net/core/flow_dissector.c
> @@ -11,6 +11,7 @@
>  #include <net/fou.h>
>  #include <net/ip.h>
>  #include <net/ipv6.h>
> +#include <net/geneve.h>
>  #include <net/gre.h>
>  #include <net/pptp.h>
>  #include <net/tipc.h>
> @@ -808,6 +809,29 @@ __skb_flow_dissect_vxlan(const struct sk_buff *skb,
>  	return FLOW_DISSECT_RET_PROTO_AGAIN;
>  }
>  
> +static enum flow_dissect_ret
> +__skb_flow_dissect_geneve(const struct sk_buff *skb,
> +			  struct flow_dissector *flow_dissector,
> +			  void *target_container, const void *data,
> +			  __be16 *p_proto, int *p_nhoff, int hlen,
> +			  unsigned int flags)
> +{
> +	struct genevehdr *hdr, _hdr;
> +
> +	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
> +				   &_hdr);
> +	if (!hdr)
> +		return FLOW_DISSECT_RET_OUT_BAD;
> +
> +	if (hdr->ver != 0)
> +		return FLOW_DISSECT_RET_OUT_GOOD;
> +
> +	*p_proto = hdr->proto_type;
> +	*p_nhoff += sizeof(struct genevehdr) + (hdr->opt_len * 4);
> +
> +	return FLOW_DISSECT_RET_PROTO_AGAIN;

Do you want to return FLOW_DISSECT_RET_OUT_GOOD if IPPROTO 59.

Per your spec: "IP protocol number 59 ("No next header") may be set to
indicate that the GUE payload does not begin with the header of an IP
protocol."

Admittedly pendantic. No idea if any implementation actually sets
this.

> +}
> +
>  /**
>   * __skb_flow_dissect_batadv() - dissect batman-adv header
>   * @skb: sk_buff to with the batman-adv header
> @@ -974,6 +998,11 @@ __skb_flow_dissect_udp(const struct sk_buff *skb, struct net *net,
>  					       target_container, data,
>  					       p_proto, &nhoff, hlen, flags);
>  		break;
> +	case UDP_ENCAP_GENEVE:
> +		ret = __skb_flow_dissect_geneve(skb, flow_dissector,
> +						target_container, data,
> +						p_proto, &nhoff, hlen, flags);
> +		break;
>  	default:
>  		break;
>  	}
> -- 
> 2.34.1
>

Willem de Bruijn Aug. 3, 2024, 7:19 p.m. UTC | #2

Willem de Bruijn wrote:
> Tom Herbert wrote:
> > Parse Geneve in a UDP encapsulation
> > 
> > Signed-off-by: Tom Herbert <tom@herbertland.com>
> > ---
> >  net/core/flow_dissector.c | 29 +++++++++++++++++++++++++++++
> >  1 file changed, 29 insertions(+)
> > 
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 3766dc4d5b23..4fff60233992 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -11,6 +11,7 @@
> >  #include <net/fou.h>
> >  #include <net/ip.h>
> >  #include <net/ipv6.h>
> > +#include <net/geneve.h>
> >  #include <net/gre.h>
> >  #include <net/pptp.h>
> >  #include <net/tipc.h>
> > @@ -808,6 +809,29 @@ __skb_flow_dissect_vxlan(const struct sk_buff *skb,
> >  	return FLOW_DISSECT_RET_PROTO_AGAIN;
> >  }
> >  
> > +static enum flow_dissect_ret
> > +__skb_flow_dissect_geneve(const struct sk_buff *skb,
> > +			  struct flow_dissector *flow_dissector,
> > +			  void *target_container, const void *data,
> > +			  __be16 *p_proto, int *p_nhoff, int hlen,
> > +			  unsigned int flags)
> > +{
> > +	struct genevehdr *hdr, _hdr;
> > +
> > +	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
> > +				   &_hdr);
> > +	if (!hdr)
> > +		return FLOW_DISSECT_RET_OUT_BAD;
> > +
> > +	if (hdr->ver != 0)
> > +		return FLOW_DISSECT_RET_OUT_GOOD;
> > +
> > +	*p_proto = hdr->proto_type;
> > +	*p_nhoff += sizeof(struct genevehdr) + (hdr->opt_len * 4);
> > +
> > +	return FLOW_DISSECT_RET_PROTO_AGAIN;
> 
> Do you want to return FLOW_DISSECT_RET_OUT_GOOD if IPPROTO 59.
> 
> Per your spec: "IP protocol number 59 ("No next header") may be set to
> indicate that the GUE payload does not begin with the header of an IP
> protocol."
> 
> Admittedly pendantic. No idea if any implementation actually sets
> this.

And reply to the wrong patch. I meant this for GUE.

Also not sure how useful the separate __skb_direct_ip_dissect is if
then have to catch the error special case in the caller.

Tom Herbert Aug. 15, 2024, 8:03 p.m. UTC | #3

On Sat, Aug 3, 2024 at 12:13 PM Willem de Bruijn
<willemdebruijn.kernel@gmail.com> wrote:
>
> Tom Herbert wrote:
> > Parse Geneve in a UDP encapsulation
> >
> > Signed-off-by: Tom Herbert <tom@herbertland.com>
> > ---
> >  net/core/flow_dissector.c | 29 +++++++++++++++++++++++++++++
> >  1 file changed, 29 insertions(+)
> >
> > diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
> > index 3766dc4d5b23..4fff60233992 100644
> > --- a/net/core/flow_dissector.c
> > +++ b/net/core/flow_dissector.c
> > @@ -11,6 +11,7 @@
> >  #include <net/fou.h>
> >  #include <net/ip.h>
> >  #include <net/ipv6.h>
> > +#include <net/geneve.h>
> >  #include <net/gre.h>
> >  #include <net/pptp.h>
> >  #include <net/tipc.h>
> > @@ -808,6 +809,29 @@ __skb_flow_dissect_vxlan(const struct sk_buff *skb,
> >       return FLOW_DISSECT_RET_PROTO_AGAIN;
> >  }
> >
> > +static enum flow_dissect_ret
> > +__skb_flow_dissect_geneve(const struct sk_buff *skb,
> > +                       struct flow_dissector *flow_dissector,
> > +                       void *target_container, const void *data,
> > +                       __be16 *p_proto, int *p_nhoff, int hlen,
> > +                       unsigned int flags)
> > +{
> > +     struct genevehdr *hdr, _hdr;
> > +
> > +     hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
> > +                                &_hdr);
> > +     if (!hdr)
> > +             return FLOW_DISSECT_RET_OUT_BAD;
> > +
> > +     if (hdr->ver != 0)
> > +             return FLOW_DISSECT_RET_OUT_GOOD;
> > +
> > +     *p_proto = hdr->proto_type;
> > +     *p_nhoff += sizeof(struct genevehdr) + (hdr->opt_len * 4);
> > +
> > +     return FLOW_DISSECT_RET_PROTO_AGAIN;
>
> Do you want to return FLOW_DISSECT_RET_OUT_GOOD if IPPROTO 59.
>
> Per your spec: "IP protocol number 59 ("No next header") may be set to
> indicate that the GUE payload does not begin with the header of an IP
> protocol."
>
> Admittedly pendantic. No idea if any implementation actually sets
> this.

It is a legal value in an IPv6 next header field. I'll add
IPPROTO_NONXTHDR and handling in flow dissector.

Tom

>
> > +}
> > +
> >  /**
> >   * __skb_flow_dissect_batadv() - dissect batman-adv header
> >   * @skb: sk_buff to with the batman-adv header
> > @@ -974,6 +998,11 @@ __skb_flow_dissect_udp(const struct sk_buff *skb, struct net *net,
> >                                              target_container, data,
> >                                              p_proto, &nhoff, hlen, flags);
> >               break;
> > +     case UDP_ENCAP_GENEVE:
> > +             ret = __skb_flow_dissect_geneve(skb, flow_dissector,
> > +                                             target_container, data,
> > +                                             p_proto, &nhoff, hlen, flags);
> > +             break;
> >       default:
> >               break;
> >       }
> > --
> > 2.34.1
> >
>
>

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 3766dc4d5b23..4fff60233992 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -11,6 +11,7 @@ 
 #include <net/fou.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
+#include <net/geneve.h>
 #include <net/gre.h>
 #include <net/pptp.h>
 #include <net/tipc.h>
@@ -808,6 +809,29 @@  __skb_flow_dissect_vxlan(const struct sk_buff *skb,
 	return FLOW_DISSECT_RET_PROTO_AGAIN;
 }
 
+static enum flow_dissect_ret
+__skb_flow_dissect_geneve(const struct sk_buff *skb,
+			  struct flow_dissector *flow_dissector,
+			  void *target_container, const void *data,
+			  __be16 *p_proto, int *p_nhoff, int hlen,
+			  unsigned int flags)
+{
+	struct genevehdr *hdr, _hdr;
+
+	hdr = __skb_header_pointer(skb, *p_nhoff, sizeof(_hdr), data, hlen,
+				   &_hdr);
+	if (!hdr)
+		return FLOW_DISSECT_RET_OUT_BAD;
+
+	if (hdr->ver != 0)
+		return FLOW_DISSECT_RET_OUT_GOOD;
+
+	*p_proto = hdr->proto_type;
+	*p_nhoff += sizeof(struct genevehdr) + (hdr->opt_len * 4);
+
+	return FLOW_DISSECT_RET_PROTO_AGAIN;
+}
+
 /**
  * __skb_flow_dissect_batadv() - dissect batman-adv header
  * @skb: sk_buff to with the batman-adv header
@@ -974,6 +998,11 @@  __skb_flow_dissect_udp(const struct sk_buff *skb, struct net *net,
 					       target_container, data,
 					       p_proto, &nhoff, hlen, flags);
 		break;
+	case UDP_ENCAP_GENEVE:
+		ret = __skb_flow_dissect_geneve(skb, flow_dissector,
+						target_container, data,
+						p_proto, &nhoff, hlen, flags);
+		break;
 	default:
 		break;
 	}

[10/12] flow_dissector: Parse Geneve in UDP

Checks

Commit Message

Comments

Patch